CN115086432A - Data processing method, device, equipment and storage medium based on gateway supervision - Google Patents

Data processing method, device, equipment and storage medium based on gateway supervision Download PDF

Info

Publication number
CN115086432A
CN115086432A CN202210657077.0A CN202210657077A CN115086432A CN 115086432 A CN115086432 A CN 115086432A CN 202210657077 A CN202210657077 A CN 202210657077A CN 115086432 A CN115086432 A CN 115086432A
Authority
CN
China
Prior art keywords
request data
data
service request
encrypted
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210657077.0A
Other languages
Chinese (zh)
Inventor
白云
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Yunchuang Shuan Technology Co ltd
Original Assignee
Shenzhen Yunchuang Shuan Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Yunchuang Shuan Technology Co ltd filed Critical Shenzhen Yunchuang Shuan Technology Co ltd
Priority to CN202210657077.0A priority Critical patent/CN115086432A/en
Publication of CN115086432A publication Critical patent/CN115086432A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/66Arrangements for connecting between networks having differing types of switching systems, e.g. gateways

Abstract

The invention relates to the field of cloud transmission, and discloses a data processing method based on gateway supervision, which comprises the following steps: judging whether the service request data needs to be sent to a serial module or a parallel module in the gateway; when the data is sent to the series module, service request data is intercepted, when request authority exists in the service request data, data to be desensitized in the service request data is selected according to service rules to perform desensitization operation, the data to be encrypted is encrypted, desensitized desensitization request data and encrypted encryption request data are integrated, and the processed service request data are responded to a request system; and when the service request data are sent to the parallel module, the service request data are signed to obtain signed service request data. The invention also relates to a block chaining technique, and the service request data can be stored in the block chaining point. The invention also provides a data processing device, equipment and a medium based on gateway supervision. The invention can improve the data response effect and efficiency.

Description

Data processing method, device, equipment and storage medium based on gateway supervision
Technical Field
The invention relates to the field of cloud transmission, in particular to a data processing method, a data processing device, data processing equipment and a storage medium based on gateway supervision.
Background
The traditional data response method monitors request data through scripts written by a programming language to realize monitoring and response of the request data, for example, in the java programming language, a java source code is compiled into a byte code through a byte code mode, byte code parameters are intercepted through a java probe, and the request parameters are responded through a processor in the running process.
Disclosure of Invention
The invention provides a data processing method, a device, equipment and a storage medium based on gateway supervision, and mainly aims to improve the data response effect and efficiency.
In order to achieve the above object, the present invention provides a data processing method based on gateway supervision, which comprises:
receiving service request data, and judging whether the service request data needs to be sent to a serial module or a parallel module in a preset gateway;
intercepting the service request data when the service request data needs to be sent to a serial module, transmitting the service request data to a preset thread queue, and identifying the request permission of the service request data by using the thread queue;
when the service request data has the request right, selecting data to be desensitized and data to be encrypted in the service request data according to a preset service rule, desensitizing the data to be desensitized to obtain desensitized request data, encrypting the data to be encrypted to obtain encrypted request data, integrating the desensitized request data and the encrypted request data to obtain processed service request data, and responding the processed service request data to a preset request system;
and when the service request data need to be sent to the parallel module, signing the service request data to obtain signed service request data.
Optionally, the determining whether the service request data needs to be sent to a serial module or a parallel module in a preset gateway includes:
identifying whether a service analysis instruction exists in the service request data;
when a service analysis instruction exists in the service request data, forwarding the service request data to the tandem module by using the gateway;
and when the service analysis instruction does not exist in the service request data, forwarding the service request data to the parallel module by using the gateway.
Optionally, the encrypting the data to be encrypted to obtain encrypted request data includes:
converting the data to be encrypted into bytes to be encrypted, and splitting the bytes to be encrypted into four groups of bytes to be encrypted;
performing exclusive-or operation on the four groups of bytes to be encrypted by using a preset round key to obtain four groups of encrypted data;
and merging and outputting the four groups of encrypted data to obtain the encrypted request data.
Optionally, the identifying, by using the thread queue, a request permission of the service request data includes:
utilizing the thread queue to inquire whether the service request data exist in a preset request authorization record table or not;
when the service request data does not exist in a preset request authorization record table, determining that the service request data does not have a request authority;
and when the service request data exists in a preset request authorization record table, determining that the service request data has a request authority.
Optionally, the identifying, by using the thread queue, a request permission of the service request data includes:
reading the maximum thread number in the thread queue, and inquiring whether the thread in use reaches the maximum thread number;
when the thread in use reaches the maximum thread number, determining that no idle thread exists in the thread queue, creating a temporary thread, and identifying the request authority of the service request data by using the temporary thread;
and when the thread in use does not reach the maximum thread number, determining that the idle thread exists in the thread queue, and identifying the request authority of the service request data by using the idle thread.
Optionally, the desensitizing operation on the data to be desensitized to obtain desensitizing request data includes:
matching the data to be desensitized with information in a preset sensitive information base, determining the information which is consistent in matching as sensitive information, and configuring desensitization rules of the sensitive information;
and desensitizing the sensitive information according to the desensitizing rule to obtain desensitizing request data.
Optionally, the transmitting the service request data to a preset thread queue includes:
establishing a link between the service request data and the thread queue based on a preset communication convention, and forming a thread queue channel through the link;
and storing the service request data by utilizing the thread queue channel.
In order to solve the above problem, the present invention further provides a data processing apparatus based on gateway supervision, the apparatus comprising:
the gateway distribution module is used for receiving service request data and judging whether the service request data needs to be sent to a serial module or a parallel module in a preset gateway;
the request intercepting module is used for intercepting the service request data when the service request data needs to be sent to the serial module, transmitting the service request data to a preset thread queue, and identifying the request permission of the service request data by using the thread queue;
the desensitization encryption module is used for selecting data to be desensitized and data to be encrypted in the service request data according to a preset service rule when the service request data has a request right, desensitizing the data to be desensitized to obtain desensitization request data, encrypting the data to be encrypted to obtain encrypted request data, integrating the desensitization request data and the encrypted request data to obtain processed service request data, and responding the processed service request data to a preset request system;
and the parallel data processing module is used for signing the service request data to obtain signed service request data when the service request data needs to be sent to the parallel module.
In order to solve the above problem, the present invention also provides an electronic device, including:
a memory storing at least one computer program; and
and the processor executes the computer program stored in the memory to realize the gateway supervision-based data processing method.
In order to solve the above problem, the present invention further provides a computer-readable storage medium, in which at least one computer program is stored, and the at least one computer program is executed by a processor in an electronic device to implement the gateway supervision-based data processing method described above.
In the embodiment of the invention, firstly, by judging whether the service request data is sent to the serial module or the parallel module in the preset gateway, the serial module and the parallel module can realize the real-time supervision of the service request data, and the compatibility of different programming languages is realized through the application of the gateway, so that the secondary development is not needed, and the data response efficiency is improved; secondly, the service request data are transmitted to a preset thread queue through the series module, the request permission of the service request data is identified by the thread queue, the service request data can be processed concurrently, the efficiency of subsequent data response is improved, desensitization operation is carried out on the data to be desensitized to obtain desensitization request data, and sensitive privacy data existing in the service request data and reliability protection can be achieved; and finally, encrypting the data to be encrypted to obtain encrypted request data, so that the request data can be prevented from being stolen or tampered by others while the requirement of a user for analyzing the requested data is responded, the information security is enhanced, and the data response effect is improved. Therefore, the data processing method, the data processing device, the data processing equipment and the data processing storage medium based on gateway supervision provided by the embodiment of the invention can improve the data response effect and efficiency.
Drawings
Fig. 1 is a schematic flowchart of a data processing method based on gateway supervision according to an embodiment of the present invention;
fig. 2 is a detailed flowchart illustrating a step in a data processing method based on gateway supervision according to an embodiment of the present invention;
fig. 3 is a detailed flowchart illustrating a step in a data processing method based on gateway supervision according to an embodiment of the present invention;
fig. 4 is a block diagram of a data processing apparatus based on gateway supervision according to an embodiment of the present invention;
fig. 5 is a schematic internal structural diagram of an electronic device implementing a gateway supervision-based data processing method according to an embodiment of the present invention;
the implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and do not limit the invention.
The embodiment of the invention provides a data processing method based on gateway supervision. The execution subject of the data processing method based on gateway supervision can be a gateway. Referring to fig. 1, which is a schematic flow chart of a data processing method based on gateway supervision according to an embodiment of the present invention, in an embodiment of the present invention, the data processing method based on gateway supervision includes:
and S1, receiving the service request data, and judging whether the service request data needs to be sent to a serial module or a parallel module in a preset gateway.
In one embodiment of the present invention, the gateway refers to an NGINX proxy server written based on the LUA language, and the gateway written by the LUA language can realize compatibility of different programming languages (such as JAVA, C + +, asp. net, PYTHON). Furthermore, because the efficient concurrency of the LUA language and the NGINX-based language are used, the gateway has no influence on the response, concurrency and delay of the subsequent service request data, and the efficiency of the subsequent response of the service request data is improved.
In other embodiments of the present invention, the gateway may also be an API gateway.
Further, in the embodiment of the present invention, the service request data includes, but is not limited to, a request content, a request purpose, and the like, where the request content or the request purpose is different according to different service scenarios. For example, in a banking scenario, the service request data may be a request customer name form.
In the embodiment of the present invention, the preset gateway integrates the functions of the server, and is configured to receive the service request data and route the service request data to the corresponding module. Further, the gateway comprises a serial module and a parallel module. Wherein the series module may be a series link and the parallel module may be a parallel link.
In the embodiment of the invention, after receiving the service request data, the service request data needs to be judged to pass through the serial module or the parallel module.
The embodiment of the invention can realize real-time supervision of the serial module and the parallel module on the service request data by receiving the service request data and judging whether the service request data needs to be sent to the serial module or the parallel module in the preset gateway, and realizes compatibility of different programming languages through the application of the gateway without secondary development so as to improve the efficiency of data response.
In detail, referring to fig. 2, the determining whether the service request data needs to be sent to a serial module or a parallel module in a preset gateway includes:
s11, identifying whether a service analysis instruction exists in the service request data;
s12, when a service analysis instruction exists in the service request data, forwarding the service request data to a tandem module by using the gateway;
and S13, when the service analysis instruction does not exist in the service request data, forwarding the service request data to a parallel module by using the gateway.
The service analysis instruction refers to a request sent by the client side and includes an instruction for performing service analysis on the call data, for example, the service request data is an instruction for acquiring and analyzing the client investment condition in the client information data table. The service analysis instruction may be implemented by identifying a URL of the service request data, for example, the URL of the service request data is 192.168.100.
Further, in an actual application scenario, since the serial module can analyze the service request data in real time, and the parallel module mainly responds to the service request data, and is mainly used for monitoring the service request data, the service request data cannot be analyzed, the service request data is forwarded to the serial module when the service request data includes a service analysis instruction, and the service request data is forwarded to the parallel module when the service analysis instruction does not exist.
The embodiment of the invention responds to the service request data, and can improve the response efficiency of the service request data. For example, when the service request data is sent to the serial module, since the serial module is a serial link, the service request data can be routed to the corresponding service system through the serial link, and compared with a service system which directly calls each service request data designation, the interaction is performed by following the serial module in the gateway, so that the interaction efficiency can be improved. The tandem module may also implement links for service request data and application responses on one line.
Further, in the embodiment of the invention, rule checking, interception, desensitization, encryption processing and the like are added in the serial modules.
In addition, in the embodiment of the invention, the parallel module can respond to the service request data in time and realize data monitoring of the service request data.
And S2, intercepting the service request data when the service request data needs to be sent to the tandem module, transmitting the service request data to a preset thread queue, and identifying the request permission of the service request data by using the thread queue.
The embodiment of the invention can acquire the URL of the service request data through a preset interceptor (such as a mybatis interceptor), and intercept the request message according to the URL, namely the request message is the service request data, wherein the request message comprises a request head, a request line and a request body of the service request.
Further, in the embodiment of the present invention, the thread queue may be implemented by a code written by Reactive Programming (Reactive Programming), where the Programming is an asynchronous Programming mode that focuses on service request data flow and request change delivery, and may enable a thread to avoid invalid blocking wait, reduce the number of threads of a program, reduce system resources, reduce complexity of asynchronous Programming, and improve readability of a code, where the thread queue includes an idle thread and a temporary thread; the idle thread refers to a thread which does not execute the service request in the thread queue; the transient thread refers to a thread that is transiently present in the thread queue.
In the embodiment of the invention, the request permission refers to the permission of a client sending service request data to access a service system, the service request data can acquire the data in the service system only when the request permission exists,
in the embodiment of the invention, when the service request data needs to be sent to the tandem module, the service request data needs to be further subjected to service analysis, the service request data is intercepted and transmitted to the preset thread queue, and the request permission of the service request data is identified by utilizing the thread queue, so that the service request data can be directly processed through threads in the thread queue without waiting, and the data safety in a service system is realized by identifying the request permission of the service request data.
Further, the transmitting the service request data to a preset thread queue includes: establishing a link between the service request data and the thread queue based on a preset communication convention, and forming a thread queue channel through the link; and storing the service request data by utilizing the thread queue channel.
The communication contract may be a Socket contract, and the link may be an http link; the thread queue channel refers to a channel for receiving messages, storing messages and sending messages.
As an embodiment of the present invention, the identifying, by using the thread queue, a request permission of the service request data includes: utilizing the thread queue to inquire whether the service request data exist in a preset request authorization record table or not; when the service request data does not exist in a preset request authorization record table, determining that the service request data does not have a request authority; and when the service request data exists in a preset request authorization record table, determining that the service request data has a request authority.
The request authorization record table is a data table for storing authorized service request data and acquired service request authorization information, and can obtain a request permission attribute by performing field splitting on the service request data, wherein the request permission attribute includes permission information, an authorization mode and the like of the service request data.
Further, the identifying, by using the thread queue, the request right of the service request data may further include:
reading the maximum thread number in the thread queue, and inquiring whether the thread in use reaches the maximum thread number; when the thread in use reaches the maximum thread number, determining that no idle thread exists in the thread queue, creating a temporary thread, and identifying the request authority of the service request data by using the temporary thread; and when the thread in use does not reach the maximum thread number, determining that the idle thread exists in the thread queue, and identifying the request authority of the service request data by using the idle thread.
The maximum thread number refers to the number of all threads set in the thread queue, and the maximum thread number can be customized based on actual services.
In an optional embodiment of the present invention, when an idle thread exists in the thread queue, the idle thread is defaulted to execute the service request data; when the idle thread does not exist in the thread queue, a temporary thread can be created in the thread queue, the main function of the temporary thread is to temporarily execute the thread of the service request when the idle thread does not exist, and when the service request is executed, the temporary thread is decomposed in the thread queue and releases new memory. The embodiment of the invention can simultaneously process a plurality of service requests by simultaneously calling the idle thread and the temporary thread to realize the asynchronous operation of the service requests, thereby reducing the waiting time of the service requests.
S3, when the service request data has the request right, selecting data to be desensitized and data to be encrypted in the service request data according to a preset service rule, desensitizing the data to be desensitized to obtain desensitized request data, encrypting the data to be encrypted to obtain encrypted request data, integrating the desensitized request data and the encrypted request data to obtain processed service request data, and responding the processed service request data to a preset request system.
In the embodiment of the invention, the preset service rule is a self-defined rule based on user requirements, and mainly has the functions of determining data needing desensitization and data needing encryption in service request data, matching desensitization field information needing desensitization and encryption field information needing encryption in the service request data through the service rule, taking the data corresponding to the desensitization field information as data to be desensitized and taking the data corresponding to the encryption field information as data to be encrypted.
In the embodiment of the invention, the desensitization request data refers to the request data after privacy removal, for example, when a client name form data table is requested, the privacy data in the service request data is desensitized on the basis of keeping supervision compliance and meeting enterprise compliance, so that the confidentiality and the security of the data are improved, and the privacy data are ensured not to be easily leaked, wherein the privacy data can include but not limited to personal basic data (such as name, mobile phone number, age and the like), personal identity information (such as identity number, social security number and the like) and personal equipment information (such as unchangeable unique equipment identification code).
In the embodiment of the invention, the encrypted request data refers to encrypted request data, the encrypted request data can respond to the requirement of a user for analyzing the requested data and prevent other people from stealing or tampering the request data, the information safety is enhanced, the data response effect is improved, and preferably, the encrypted data can be encrypted through an SM4 national encryption algorithm.
In the embodiment of the present invention, the processed service request data refers to data obtained by encrypting and desensitizing the service request data according to a requirement. For example, in a banking scenario, the service request data may be a request client name form data table, which may desensitize personal basic data (such as name, mobile phone number, age, and the like), personal identity information (such as an identity card number, social security number, and the like), personal device information (such as an unchangeable unique device identification code), and encrypt personal asset information (such as income, car, house, and the like) to obtain processed service request data.
In the embodiment of the present invention, the preset request system may be a system of a requester corresponding to the service request data.
According to the embodiment of the invention, the data to be desensitized and the data to be encrypted in the service request data are selected according to the preset service rule, the data to be desensitized is desensitized to obtain desensitization request data, sensitive privacy data existing in the service request data and reliability protection can be realized, the data to be encrypted is encrypted to obtain encrypted request data, the desensitization request data and the encrypted request data are integrated to obtain processed service request data, and the processed service request data is responded to a preset request system, so that the request data can be prevented from being stolen or tampered by others while the requirement of a user for analyzing the requested data is responded, the information security is enhanced, and the data processing effect is improved.
As an embodiment of the present invention, the desensitizing operation on the data to be desensitized to obtain desensitizing request data includes: matching the data to be desensitized with information in a preset sensitive information base, determining the information which is consistent in matching as sensitive information, and configuring desensitization rules of the sensitive information; and desensitizing the sensitive information according to the desensitizing rule to obtain desensitizing request data.
The sensitive information base is a database for storing sensitive information, and the accuracy rate of the information needing desensitization can be further determined by matching the information needing desensitization with the information in the sensitive information base, so that the privacy of a client is better protected.
In the embodiment of the invention, the desensitization rule refers to a rule on which desensitization is performed on desensitization data, and can be configured by self-definition according to requirements so as to realize different desensitization operations aiming at different data formats and improve desensitization efficiency, wherein the desensitization rule can comprise an invalidation mode, a truncation mode, a hiding mode, a migration mode, a rounding mode and the like; the desensitization operation is determined based on desensitization rules, and if the desensitization rules are in a hiding mode, the specified data are hidden through the desensitization operation. For example, ip addresses may be replaced with an "x" symbol, and desensitization is followed.
Further, referring to fig. 3, the encrypting the data to be encrypted to obtain the encryption request data includes:
s31, converting the data to be encrypted into bytes to be encrypted, and splitting the bytes to be encrypted into four groups of bytes to be encrypted;
s32, performing exclusive OR operation on the four groups of bytes to be encrypted by using a preset round key to obtain four groups of encrypted data;
and S33, merging and outputting the four groups of encrypted data to obtain the encrypted request data.
The byte to be encrypted is 128-bit data, and the byte to be encrypted is divided into 4 bytes to be encrypted of 32 bits; the round key means that 32 rounds of cyclic encryption are required to be performed on the bytes to be encrypted by using the round key of each round when the bytes to be encrypted are encrypted; the exclusive-or operation refers to an operation of shifting the byte to be encrypted to the left to realize the execution process of round circulation.
For example, the byte to be encrypted is divided into four groups of bytes to be encrypted, C ═ X 0 ,X 1 ,X 2 ,X 3 ) The round key is (rk) 31 ,rk 30 ,...,rk 0 ) The encrypted data is
Figure BDA0003688521980000091
Wherein, the
Figure BDA0003688521980000092
Is an xor operation symbol.
And S4, when the service request data need to be sent to the parallel module, signing the service request data to obtain signed service request data.
In the embodiment of the present invention, the signature service request data refers to encrypted data that marks service request data.
The embodiment of the invention obtains the signature service request data by signing the service request data, can identify whether the service request data contains a forged instruction, strengthens information safety protection, and can monitor the whole request process of the service request data without any adjustment by application so as to improve the response efficiency of the request data.
In an embodiment of the invention, when the parallel module receives the service request data, the service request data can be asynchronously sent to the thread queue, and the asynchronous response of the request is realized by asynchronously signing the service request data through the threads in the thread queue, so that the existing service system can be monitored without any adjustment, and the response efficiency of the request data is improved.
Further, the signing the service request data to obtain signed service request data includes: generating a service request data public key and a service request data private key by using a pre-constructed encryption algorithm, and storing the service request data private key and the service request data public key into a preset certificate request file; generating a public key certificate according to the certificate request file; and acquiring a preset server private key, and signing the public key certificate according to the preset server private key to obtain the signature service request data.
In an embodiment of the present invention, the preset certificate request file may be an enterprise digital certificate; the public key certificate refers to a certificate issued after a public key of service request data is connected with the service request data, and the public key certificate mainly comprises the following contents: information of electronic visa organ, service request data, public key of service request data, validity period and the like; the method has the main function of ensuring that the service request data is not stolen except for the sender and the receiver, and further ensuring that the service request data is not tampered in the transmission process.
In an optional embodiment of the present invention, the real-time data in the parallel module may be acquired through a preset data management platform docking thread queue, and the real-time data is visually processed to be displayed in real time, where the display effect may be selected based on a user requirement, for example, a dynamic chart type in a request displaying process, a service detail query, and the like.
In another optional embodiment of the present invention, the service request data and the signature service request data may also be recorded and stored in real time by the parallel module.
In the embodiment of the invention, firstly, by judging whether the service request data is sent to the serial module or the parallel module in the preset gateway, the serial module and the parallel module can realize the real-time supervision of the service request data, and the compatibility of different programming languages is realized through the application of the gateway, so that the secondary development is not needed, and the data response efficiency is improved; secondly, the service request data are transmitted to a preset thread queue through the series module, the request permission of the service request data is identified by the thread queue, the service request data can be processed concurrently, the efficiency of subsequent data response is improved, desensitization operation is carried out on the data to be desensitized to obtain desensitization request data, and sensitive privacy data existing in the service request data and reliability protection can be achieved; and finally, encrypting the data to be encrypted to obtain encrypted request data, so that the request data can be prevented from being stolen or tampered by others while the requirement of a user for analyzing the requested data is responded, the information security is enhanced, and the data response effect is improved. Therefore, the data processing method based on gateway supervision provided by the embodiment of the invention can improve the data response effect and efficiency.
The gateway supervision based data processing apparatus 100 of the present invention may be installed in an electronic device. According to the implemented functions, the data processing apparatus based on gateway supervision may include a gateway distribution module 101, a request interception module 102, a desensitization encryption module 103, and a parallel data processing module 104, which may also be referred to as a unit according to the present invention, and refer to a series of computer program segments that can be executed by a processor of an electronic device and can perform fixed functions, and are stored in a memory of the electronic device.
In the present embodiment, the functions regarding the respective modules/units are as follows:
the gateway distribution module 101 is configured to receive service request data and determine whether the service request data needs to be sent to a serial module or a parallel module in a preset gateway.
In one embodiment of the present invention, the gateway refers to an NGINX proxy server written based on the LUA language, and the gateway written by the LUA language can realize compatibility of different programming languages (such as JAVA, C + +, asp. net, PYTHON). Further, because the efficient concurrency of the LUA language and the NGINX-based are used, in the embodiment of the invention, the response, concurrency and delay of the gateway to the subsequent service request data are not influenced, and the efficiency of the subsequent response to the service request data is improved.
In other embodiments of the present invention, the gateway may also be an API gateway.
Further, in the embodiment of the present invention, the service request data includes, but is not limited to, a request content, a request purpose, and the like, where the request content or the request purpose is different according to different service scenarios. For example, in a banking scenario, the service request data may be a request customer name form.
In the embodiment of the present invention, the preset gateway integrates the functions of the server, and is configured to receive the service request data and route the service request data to the corresponding module. Further, the gateway comprises a serial module and a parallel module. Wherein the series module may be a series link and the parallel module may be a parallel link.
In the embodiment of the invention, after receiving the service request data, the service request data needs to be judged to pass through the serial module or the parallel module.
The embodiment of the invention can realize real-time supervision of the serial module and the parallel module on the service request data by receiving the service request data and judging whether the service request data needs to be sent to the serial module or the parallel module in the preset gateway, and realizes compatibility of different programming languages through the application of the gateway without secondary development so as to improve the efficiency of data response.
In detail, the gateway distributing module 101 determines whether the service request data needs to be sent to a serial module or a parallel module in a preset gateway by performing the following operations, including:
identifying whether a service analysis instruction exists in the service request data;
when a service analysis instruction exists in the service request data, forwarding the service request data to a tandem module by using the gateway;
and when the service analysis instruction does not exist in the service request data, forwarding the service request data to a parallel module by using the gateway.
The service analysis instruction refers to that the request sent by the client includes an instruction for performing service analysis on the call data, for example, the service request data is an instruction for acquiring and analyzing the client investment condition in the client information data table. The service analysis instruction may be implemented by identifying a URL of the service request data, for example, the URL of the service request data is 192.168.100.
Further, in an actual application scenario, since the serial module can analyze the service request data in real time, and the parallel module mainly responds to the service request data, and is mainly used for monitoring the service request data, the service request data cannot be analyzed, the service request data is forwarded to the serial module when the service request data includes a service analysis instruction, and the service request data is forwarded to the parallel module when the service analysis instruction does not exist.
The embodiment of the invention responds to the service request data, and can improve the response efficiency of the service request data. For example, when the service request data is sent to the serial module, since the serial module is a serial link, the service request data can be routed to the corresponding service system through the serial link, and compared with a service system which directly calls each service request data designation, the interaction is performed by following the serial module in the gateway, so that the interaction efficiency can be improved. The tandem module may also implement links for service request data and application responses on one line.
Further, in the embodiment of the invention, rule checking, interception, desensitization, encryption processing and the like are added in the series module.
In addition, in the embodiment of the invention, the parallel module can respond to the service request data in time and realize data monitoring of the service request data.
The request intercepting module 102 is configured to intercept the service request data when the service request data needs to be sent to the tandem module, transmit the service request data to a preset thread queue, and identify a request permission of the service request data by using the thread queue.
The embodiment of the invention can acquire the URL of the service request data through a preset interceptor (such as a mybatis interceptor), and intercept the request message according to the URL, namely the request message is the service request data, wherein the request message comprises a request head, a request line and a request body of the service request.
Further, in the embodiment of the present invention, the thread queue may be implemented by a code written by Reactive Programming (Reactive Programming), where the Programming is an asynchronous Programming mode that focuses on service request data flow and request change delivery, and may enable a thread to avoid invalid blocking wait, reduce the number of threads of a program, reduce system resources, reduce complexity of asynchronous Programming, and improve readability of a code, where the thread queue includes an idle thread and a temporary thread; the idle thread refers to a thread which does not execute the service request in the thread queue; the transient thread refers to a thread that is transiently present in the thread queue.
In the embodiment of the invention, the request permission refers to the permission of a client sending service request data to access a service system, the service request data can acquire the data in the service system only when the request permission exists,
in the embodiment of the invention, when the service request data needs to be sent to the tandem module, the service request data needs to be further subjected to service analysis, the service request data is intercepted and transmitted to the preset thread queue, and the request permission of the service request data is identified by utilizing the thread queue, so that the service request data can be directly processed through threads in the thread queue without waiting, and the data safety in a service system is realized by identifying the request permission of the service request data.
Further, the transmitting the service request data to a preset thread queue includes: establishing a link between the service request data and the thread queue based on a preset communication convention, and forming a thread queue channel through the link; and storing the service request data by utilizing the thread queue channel.
The communication contract may be a Socket contract, and the link may be an http link; the thread queue channel refers to a channel for receiving messages, storing messages and sending messages.
As an embodiment of the present invention, the identifying, by the request interception module 102, the request authority of the service request data by using the thread queue by performing the following operations, may further include:
utilizing the thread queue to inquire whether the service request data exist in a preset request authorization record table or not;
when the service request data does not exist in a preset request authorization record table, determining that the service request data does not have a request authority;
and when the service request data exists in a preset request authorization record table, determining that the service request data has a request authority.
The request authorization record table is a data table for storing authorized service request data and acquired service request authorization information, and can obtain a request permission attribute by performing field splitting on the service request data, wherein the request permission attribute includes permission information, an authorization mode and the like of the service request data.
Further, the identifying, by using the thread queue, the request right of the service request data includes:
reading the maximum thread number in the thread queue, and inquiring whether the thread in use reaches the maximum thread number; when the thread in use reaches the maximum thread number, determining that no idle thread exists in the thread queue, creating a temporary thread, and identifying the request authority of the service request data by using the temporary thread; and when the thread in use does not reach the maximum thread number, determining that the idle thread exists in the thread queue, and identifying the request authority of the service request data by using the idle thread.
The maximum thread number refers to the number of all threads set in the thread queue, and the maximum thread number can be customized based on actual services.
In an optional embodiment of the invention, when an idle thread exists in the thread queue, the idle thread is used for executing the service request data by default; when the idle thread does not exist in the thread queue, a temporary thread can be created in the thread queue, the main function of the temporary thread is to temporarily execute the thread of the service request when the idle thread does not exist, and when the service request is executed, the temporary thread is decomposed in the thread queue and releases new memory. The embodiment of the invention can simultaneously process a plurality of service requests by simultaneously calling the idle thread and the temporary thread to realize the asynchronous operation of the service requests, thereby reducing the waiting time of the service requests.
The desensitization encryption module 103 is configured to, when the service request data has a request right, select data to be desensitized and data to be encrypted in the service request data according to a preset service rule, perform desensitization operation on the data to be desensitized to obtain desensitization request data, encrypt the data to be encrypted to obtain encrypted request data, integrate the desensitization request data and the encrypted request data to obtain processed service request data, and respond the processed service request data to a preset request system.
In the embodiment of the invention, the preset service rule is a self-defined rule based on user requirements, and mainly has the functions of determining data needing desensitization and data needing encryption in service request data, matching desensitization field information needing desensitization and encryption field information needing encryption in the service request data through the service rule, taking the data corresponding to the desensitization field information as data to be desensitized and taking the data corresponding to the encryption field information as the data to be encrypted.
In the embodiment of the invention, the desensitization request data refers to the request data after privacy removal, for example, when a client name form data table is requested, the privacy data in the service request data is desensitized on the basis of keeping supervision compliance and meeting enterprise compliance, so that the confidentiality and the security of the data are improved, and the privacy data are ensured not to be easily leaked, wherein the privacy data can include but not limited to personal basic data (such as name, mobile phone number, age and the like), personal identity information (such as identity number, social security number and the like) and personal equipment information (such as unchangeable unique equipment identification code).
In the embodiment of the invention, the encrypted request data refers to encrypted request data, and the encrypted request data can respond to the requirement of a user for analyzing the requested data and prevent other people from stealing or tampering the request data, so that the information security is enhanced, the data response effect is improved, and preferably, the encrypted data can be encrypted through an SM4 national encryption algorithm.
In the embodiment of the present invention, the processed service request data refers to data obtained by encrypting and desensitizing the service request data according to a requirement. For example, in a banking scenario, the service request data may be a request customer name form data table, personal basic data (such as name, mobile phone number, age, and the like), personal identity information (such as identification number, social security number, and the like), and personal device information (such as an unalterable unique device identification code) in the customer name form data table may be desensitized, and personal asset information (such as income, car, house, and the like) may be encrypted to obtain processed service request data.
In the embodiment of the present invention, the preset request system may be a system of a requester corresponding to the service request data.
According to the embodiment of the invention, the data to be desensitized and the data to be encrypted in the service request data are selected according to the preset service rule, the data to be desensitized is desensitized to obtain desensitization request data, sensitive privacy data existing in the service request data and reliability protection can be realized, the data to be encrypted is encrypted to obtain encrypted request data, the desensitization request data and the encrypted request data are integrated to obtain processed service request data, and the processed service request data is responded to a preset request system, so that the request data can be prevented from being stolen or tampered by others while the requirement of a user for analyzing the requested data is responded, the information security is enhanced, and the data processing effect is improved.
As an embodiment of the present invention, the desensitizing operation on the data to be desensitized to obtain desensitizing request data includes: matching the data to be desensitized with information in a preset sensitive information base, determining information which is consistent in matching as sensitive information, and configuring desensitization rules of the sensitive information; and desensitizing the sensitive information according to the desensitizing rule to obtain desensitizing request data.
The sensitive information base is a database for storing sensitive information, and the accuracy rate of the information needing desensitization can be further determined by matching the information needing desensitization with the information in the sensitive information base, so that the privacy of a client is better protected.
In the embodiment of the invention, the desensitization rule refers to a rule on which desensitization is performed on desensitization data, and can be configured by self-definition according to requirements so as to realize different desensitization operations aiming at different data formats and improve desensitization efficiency, wherein the desensitization rule can comprise an invalidation mode, a truncation mode, a hiding mode, a migration mode, a rounding mode and the like; the desensitization operation is determined based on desensitization rules, and if the desensitization rules are in a hiding mode, the specified data are hidden through the desensitization operation. For example, ip addresses may be replaced with an "x" symbol, and desensitization is followed.
Further, the desensitization encryption module 103 encrypts the data to be encrypted by performing the following operations to obtain encryption request data, including:
converting the data to be encrypted into bytes to be encrypted, and splitting the bytes to be encrypted into four groups of bytes to be encrypted;
respectively carrying out exclusive-or operation on the four groups of bytes to be encrypted by utilizing a preset round key to obtain four groups of encrypted data;
and merging and outputting the four groups of encrypted data to obtain the encrypted request data.
The byte to be encrypted is 128-bit data, and the byte to be encrypted is divided into 4 bytes to be encrypted of 32 bits; the round key means that 32 rounds of cyclic encryption are required to be performed on the bytes to be encrypted by using the round key of each round when the bytes to be encrypted are encrypted; the exclusive-or operation refers to an operation of shifting the byte to be encrypted to the left to realize the execution process of round circulation.
For example, the byte to be encrypted is divided into four groups of bytes to be encrypted, C ═ X 0 ,X 1 ,X 2 ,X 3 ) The round key is (rk) 31 ,rk 30 ,...,rk 0 ) The encrypted data is
Figure BDA0003688521980000151
Wherein, the
Figure BDA0003688521980000152
Is an xor operation symbol.
The parallel data processing module 104 is configured to sign the service request data to obtain signed service request data when the service request data needs to be sent to the parallel module.
In the embodiment of the present invention, the signature service request data refers to encrypted data that marks service request data.
The embodiment of the invention obtains the signature service request data by signing the service request data, can identify whether the service request data contains a forged instruction, strengthens information safety protection, and can monitor the whole request process of the service request data without any adjustment by application so as to improve the response efficiency of the request data.
In an embodiment of the invention, when the parallel module receives the service request data, the service request data can be asynchronously sent to the thread queue, and the asynchronous response of the request is realized by asynchronously signing the service request data through the threads in the thread queue, so that the existing service system can be monitored without any adjustment, and the response efficiency of the request data is improved.
Further, the signing the service request data to obtain signed service request data includes: generating a service request data public key and a service request data private key by using a pre-constructed encryption algorithm, and storing the service request data private key and the service request data public key into a preset certificate request file; generating a public key certificate according to the certificate request file; and acquiring a preset server private key, and signing the public key certificate according to the preset server private key to obtain the signature service request data.
In an embodiment of the present invention, the preset certificate request file may be an enterprise digital certificate; the public key certificate refers to a certificate issued after a public key of service request data is connected with the service request data, and the public key certificate mainly comprises the following contents: information of electronic visa organ, service request data, public key of service request data, validity period and the like; the method has the main function of ensuring that the service request data is not stolen except for the sender and the receiver, and further ensuring that the service request data is not tampered in the transmission process.
In an optional embodiment of the present invention, the real-time data in the parallel module may be acquired through a preset data management platform docking thread queue, and the real-time data is visually processed to be displayed in real time, where the display effect may be selected based on a user requirement, for example, a dynamic chart type in a request displaying process, a service detail query, and the like.
In another optional embodiment of the present invention, the service request data and the signature service request data may be recorded and stored in real time through the parallel module.
In the embodiment of the invention, firstly, by judging whether the service request data is sent to the serial module or the parallel module in the preset gateway, the serial module and the parallel module can realize the real-time supervision of the service request data, and the compatibility of different programming languages is realized through the application of the gateway, so that the secondary development is not needed, and the data response efficiency is improved; secondly, the service request data are transmitted to a preset thread queue through the series module, the request permission of the service request data is identified by the thread queue, the service request data can be processed concurrently, the efficiency of subsequent data response is improved, desensitization operation is carried out on the data to be desensitized to obtain desensitization request data, and sensitive privacy data existing in the service request data and reliability protection can be achieved; and finally, encrypting the data to be encrypted to obtain encrypted request data, so that the request data can be prevented from being stolen or tampered by others while the requirement of a user for analyzing the requested data is responded, the information security is enhanced, and the data response effect is improved. Therefore, the data processing device based on gateway supervision provided by the embodiment of the invention can improve the data response effect and efficiency.
Fig. 5 is a schematic structural diagram of an electronic device implementing a data processing method based on gateway supervision according to the present invention.
The electronic device may comprise a processor 10, a memory 11, a communication bus 12 and a communication interface 13, and may further comprise a computer program, such as a gateway supervision based data processing program, stored in the memory 11 and executable on the processor 10.
The memory 11 includes at least one type of media, which includes flash memory, removable hard disk, multimedia card, card type memory (e.g., SD or DX memory, etc.), magnetic memory, local disk, optical disk, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device, for example a removable hard disk of the electronic device. The memory 11 may also be an external storage device of the electronic device in other embodiments, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the electronic device. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device. The memory 11 may be used not only to store application software installed in the electronic device and various types of data, such as codes of a data processing program based on gateway supervision, etc., but also to temporarily store data that has been output or is to be output.
The processor 10 may be composed of an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be composed of a plurality of integrated circuits packaged with the same or different functions, including one or more Central Processing Units (CPUs), microprocessors, digital Processing chips, graphics processors, and combinations of various control chips. The processor 10 is a Control Unit (Control Unit) of the electronic device, connects various components of the whole electronic device by using various interfaces and lines, and executes various functions and processes data of the electronic device by running or executing programs or modules (e.g., data processing programs based on gateway supervision, etc.) stored in the memory 11 and calling data stored in the memory 11.
The communication bus 12 may be a PerIPheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus. The bus may be divided into an address bus, a data bus, a control bus, etc. The communication bus 12 is arranged to enable connection communication between the memory 11 and at least one processor 10 or the like. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
Fig. 5 shows only an electronic device having components, and those skilled in the art will appreciate that the structure shown in fig. 5 does not constitute a limitation of the electronic device, and may include fewer or more components than those shown, or some components may be combined, or a different arrangement of components.
For example, although not shown, the electronic device may further include a power supply (such as a battery) for supplying power to each component, and preferably, the power supply may be logically connected to the at least one processor 10 through a power management device, so that functions of charge management, discharge management, power consumption management and the like are realized through the power management device. The power supply may also include any component of one or more dc or ac power sources, recharging devices, power failure detection circuitry, power converters or inverters, power status indicators, and the like. The electronic device may further include various sensors, a bluetooth module, a Wi-Fi module, and the like, which are not described herein again.
Optionally, the communication interface 13 may include a wired interface and/or a wireless interface (e.g., WI-FI interface, bluetooth interface, etc.), which is generally used to establish a communication connection between the electronic device and other electronic devices.
Optionally, the communication interface 13 may further include a user interface, which may be a Display (Display), an input unit (such as a Keyboard (Keyboard)), and optionally, a standard wired interface, or a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable, among other things, for displaying information processed in the electronic device and for displaying a visualized user interface.
It is to be understood that the embodiments described are illustrative only and are not to be construed as limiting the scope of the claims.
The gateway supervision based data processing program stored by the memory 11 in the electronic device is a combination of a plurality of computer programs, which when run in the processor 10, may implement:
receiving service request data, and judging whether the service request data needs to be sent to a serial module or a parallel module in a preset gateway;
intercepting the service request data when the service request data needs to be sent to a serial module, transmitting the service request data to a preset thread queue, and identifying the request permission of the service request data by using the thread queue;
when the service request data has the request right, selecting data to be desensitized and data to be encrypted in the service request data according to a preset service rule, desensitizing the data to be desensitized to obtain desensitized request data, encrypting the data to be encrypted to obtain encrypted request data, integrating the desensitized request data and the encrypted request data to obtain processed service request data, and responding the processed service request data to a preset request system;
and when the service request data need to be sent to the parallel module, signing the service request data to obtain signed service request data.
Specifically, the processor 10 may refer to the description of the relevant steps in the embodiment corresponding to fig. 1 for a specific implementation method of the computer program, which is not described herein again.
Further, the electronic device integrated module/unit, if implemented in the form of a software functional unit and sold or used as a separate product, may be stored in a computer readable medium. The computer readable medium may be non-volatile or volatile. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, U disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM).
Embodiments of the present invention may also provide a computer-readable storage medium, where the computer-readable storage medium stores a computer program, and when the computer program is executed by a processor of an electronic device, the computer program may implement:
receiving service request data, and judging whether the service request data needs to be sent to a serial module or a parallel module in a preset gateway;
intercepting the service request data when the service request data needs to be sent to a serial module, transmitting the service request data to a preset thread queue, and identifying the request permission of the service request data by using the thread queue;
when the service request data has the request right, selecting data to be desensitized and data to be encrypted in the service request data according to a preset service rule, desensitizing the data to be desensitized to obtain desensitized request data, encrypting the data to be encrypted to obtain encrypted request data, integrating the desensitized request data and the encrypted request data to obtain processed service request data, and responding the processed service request data to a preset request system;
and when the service request data need to be sent to the parallel module, signing the service request data to obtain signed service request data.
Further, the computer-readable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the blockchain node, and the like.
In the embodiments provided by the present invention, it should be understood that the disclosed media, devices, apparatuses and methods may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and other divisions may be realized in practice.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional module.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof.
The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the system claims may also be implemented by one unit or means in software or hardware. The terms second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.

Claims (10)

1. A data processing method based on gateway supervision is characterized by comprising the following steps:
receiving service request data, and judging whether the service request data needs to be sent to a serial module or a parallel module in a preset gateway;
when the service request data need to be sent to the series module, the service request data are intercepted, the service request data are transmitted to a preset thread queue, and the request permission of the service request data is identified by utilizing the thread queue;
when the service request data has the request right, selecting data to be desensitized and data to be encrypted in the service request data according to a preset service rule, desensitizing the data to be desensitized to obtain desensitized request data, encrypting the data to be encrypted to obtain encrypted request data, integrating the desensitized request data and the encrypted request data to obtain processed service request data, and responding the processed service request data to a preset request system;
and when the service request data need to be sent to the parallel module, signing the service request data to obtain signed service request data.
2. The gateway supervision-based data processing method according to claim 1, wherein said determining whether the service request data needs to be sent to a serial module or a parallel module in a preset gateway comprises:
identifying whether a service analysis instruction exists in the service request data;
when a service analysis instruction exists in the service request data, forwarding the service request data to the tandem module by using the gateway;
and when the service analysis instruction does not exist in the service request data, forwarding the service request data to the parallel module by using the gateway.
3. The gateway supervision-based data processing method according to claim 1, wherein said encrypting the data to be encrypted to obtain encrypted request data comprises:
converting the data to be encrypted into bytes to be encrypted, and splitting the bytes to be encrypted into four groups of bytes to be encrypted;
performing exclusive-or operation on the four groups of bytes to be encrypted by using a preset round key to obtain four groups of encrypted data;
and merging and outputting the four groups of encrypted data to obtain the encrypted request data.
4. The gateway supervision-based data processing method according to claim 1, wherein said identifying request permission for the service request data using the thread queue comprises:
utilizing the thread queue to inquire whether the service request data exist in a preset request authorization record table or not;
when the service request data does not exist in a preset request authorization record table, determining that the service request data does not have a request authority;
and when the service request data exists in a preset request authorization record table, determining that the service request data has a request authority.
5. The gateway supervision based data processing method according to claim 4, wherein said identifying request rights of said service request data using said thread queue comprises:
reading the maximum thread number in the thread queue, and inquiring whether the thread in use reaches the maximum thread number;
when the thread in use reaches the maximum thread number, determining that no idle thread exists in the thread queue, creating a temporary thread, and identifying the request authority of the service request data by using the temporary thread;
and when the thread in use does not reach the maximum thread number, determining that the idle thread exists in the thread queue, and identifying the request authority of the service request data by using the idle thread.
6. The gateway supervision-based data processing method according to claim 1, wherein the desensitizing operation of the data to be desensitized to obtain desensitization request data comprises:
matching the data to be desensitized with information in a preset sensitive information base, determining information which is consistent in matching as sensitive information, and configuring desensitization rules of the sensitive information;
and desensitizing the sensitive information according to the desensitizing rule to obtain desensitizing request data.
7. The gateway supervision-based data processing method according to claim 1, wherein the transmitting the service request data to a preset thread queue comprises:
establishing a link between the service request data and the thread queue based on a preset communication convention, and forming a thread queue channel through the link;
and storing the service request data by utilizing the thread queue channel.
8. A data processing apparatus based on gateway supervision, the apparatus comprising:
the gateway distribution module is used for receiving service request data and judging whether the service request data needs to be sent to a serial module or a parallel module in a preset gateway;
the request intercepting module is used for intercepting the service request data when the service request data needs to be sent to the serial module, transmitting the service request data to a preset thread queue, and identifying the request permission of the service request data by using the thread queue;
the desensitization encryption module is used for selecting data to be desensitized and data to be encrypted in the service request data according to a preset service rule when the service request data has a request right, desensitizing the data to be desensitized to obtain desensitization request data, encrypting the data to be encrypted to obtain encrypted request data, integrating the desensitization request data and the encrypted request data to obtain processed service request data, and responding the processed service request data to a preset request system;
and the parallel data processing module is used for signing the service request data to obtain signed service request data when the service request data needs to be sent to the parallel module.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the gateway oversight based data processing method of any of claims 1 to 7.
10. A computer-readable storage medium, storing a computer program, wherein the computer program, when executed by a processor, implements the gateway supervision-based data processing method according to any one of claims 1 to 7.
CN202210657077.0A 2022-06-10 2022-06-10 Data processing method, device, equipment and storage medium based on gateway supervision Pending CN115086432A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210657077.0A CN115086432A (en) 2022-06-10 2022-06-10 Data processing method, device, equipment and storage medium based on gateway supervision

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210657077.0A CN115086432A (en) 2022-06-10 2022-06-10 Data processing method, device, equipment and storage medium based on gateway supervision

Publications (1)

Publication Number Publication Date
CN115086432A true CN115086432A (en) 2022-09-20

Family

ID=83251565

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210657077.0A Pending CN115086432A (en) 2022-06-10 2022-06-10 Data processing method, device, equipment and storage medium based on gateway supervision

Country Status (1)

Country Link
CN (1) CN115086432A (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100256994A1 (en) * 2005-01-10 2010-10-07 International Business Machines Corporation Privacy entitlement protocols for secure data exchange, collection, monitoring and/or alerting
US20160119289A1 (en) * 2014-10-22 2016-04-28 Protegrity Corporation Data computation in a multi-domain cloud environment
CN108737176A (en) * 2018-05-20 2018-11-02 湖北九州云仓科技发展有限公司 A kind of data gateway control method, electronic equipment, storage medium and framework
WO2020140666A1 (en) * 2019-01-04 2020-07-09 深圳壹账通智能科技有限公司 Data management method, device, computer apparatus and storage medium
CN112906025A (en) * 2021-03-03 2021-06-04 江苏保旺达软件技术有限公司 Database management and control method, device, equipment and storage medium
CN113645226A (en) * 2021-08-09 2021-11-12 杭州安恒信息技术股份有限公司 Data processing method, device, equipment and storage medium based on gateway layer
CN113888349A (en) * 2021-09-18 2022-01-04 广东电网有限责任公司广州供电局 Electric power data analysis system
CN113886880A (en) * 2021-10-09 2022-01-04 京东科技信息技术有限公司 Data protection method, system, device and storage medium

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100256994A1 (en) * 2005-01-10 2010-10-07 International Business Machines Corporation Privacy entitlement protocols for secure data exchange, collection, monitoring and/or alerting
US20160119289A1 (en) * 2014-10-22 2016-04-28 Protegrity Corporation Data computation in a multi-domain cloud environment
CN108737176A (en) * 2018-05-20 2018-11-02 湖北九州云仓科技发展有限公司 A kind of data gateway control method, electronic equipment, storage medium and framework
WO2020140666A1 (en) * 2019-01-04 2020-07-09 深圳壹账通智能科技有限公司 Data management method, device, computer apparatus and storage medium
CN112906025A (en) * 2021-03-03 2021-06-04 江苏保旺达软件技术有限公司 Database management and control method, device, equipment and storage medium
CN113645226A (en) * 2021-08-09 2021-11-12 杭州安恒信息技术股份有限公司 Data processing method, device, equipment and storage medium based on gateway layer
CN113888349A (en) * 2021-09-18 2022-01-04 广东电网有限责任公司广州供电局 Electric power data analysis system
CN113886880A (en) * 2021-10-09 2022-01-04 京东科技信息技术有限公司 Data protection method, system, device and storage medium

Similar Documents

Publication Publication Date Title
WO2022134760A1 (en) Data processing method and apparatus, and electronic device and medium
CN112104627B (en) Block chain-based data transmission method and device, electronic equipment and storage medium
CN113422686B (en) Gateway layer authentication method, system, electronic device and storage medium
CN113420049B (en) Data circulation method, device, electronic equipment and storage medium
CN111914029A (en) Block chain-based medical data calling method and device, electronic equipment and medium
CN111695097A (en) Login checking method and device and computer readable storage medium
CN113822675A (en) Block chain based message processing method, device, equipment and storage medium
CN113127915A (en) Data encryption desensitization method and device, electronic equipment and storage medium
CN114884697B (en) Data encryption and decryption method and related equipment based on cryptographic algorithm
CN114500093A (en) Safe interaction method and system for message information
CN114553532A (en) Data secure transmission method and device, electronic equipment and storage medium
CN115514578B (en) Block chain based data authorization method and device, electronic equipment and storage medium
CN114826725B (en) Data interaction method, device, equipment and storage medium
CN114697132B (en) Method, device, equipment and storage medium for intercepting repeated access request attack
CN115643090A (en) Longitudinal federal analysis method, device, equipment and medium based on privacy retrieval
CN112217639B (en) Data encryption sharing method and device, electronic equipment and computer storage medium
CN115086432A (en) Data processing method, device, equipment and storage medium based on gateway supervision
CN111683070B (en) Data transmission method and device based on identity encryption and storage medium
CN114036068A (en) Update detection method, device, equipment and storage medium based on privacy security
CN114125158A (en) Anti-harassment method, device, equipment and storage medium based on trusted telephone
CN112988888A (en) Key management method, key management device, electronic equipment and storage medium
CN113609531A (en) Block chain based information interaction method, device, equipment, medium and product
CN112487400A (en) Single sign-on method and device based on multiple pages, electronic equipment and storage medium
CN114826612B (en) Data interaction method, device, equipment and storage medium
CN117499159B (en) Block chain-based data transaction method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination